[Engine-devel] UI Plugin API improvements

Vojtech Szocs vszocs at redhat.com
Fri Apr 5 22:08:04 UTC 2013


Thanks Chris, this is very useful information!

I'm aware of the issue with the heartbeat request performing a re-login on the server [1]; the issue you encountered confirms that the root cause is the way heartbeat requests are made from the WebAdmin client (browser).

I suspect this has something to do with cookies, i.e. the JSESSIONID cookie for the /api path used to transmit the REST API session ID. I need to check that the browser eventually sends this cookie alongside the Prefer:persistent-auth header within the heartbeat request. Handling cookies is always problematic in JavaScript, as WebAdmin code (i.e. /webadmin) cannot get/set cookies for different paths (i.e. /api) and therefore must rely on browser-specific cookie handling for all outgoing requests.

This is quite an important issue; I'll look into this next week. Again, many thanks for the feedback.

[1] https://bugzilla.redhat.com/906046

Thanks,
Vojtech
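
An added example, not part of the original message and not oVirt or JBoss code: it shows why a JSESSIONID cookie scoped to /api is invisible to script running under /webadmin yet is still attached by the browser to /api requests (RFC 6265 path matching), and it models the hypothesis discussed in this thread that a heartbeat carrying Basic credentials moves the user to a new session ID. The server behaviour, the session ID values and the `withBasicAuth` switch are assumptions made for illustration.

```javascript
// Added illustration, not oVirt or JBoss code: RFC 6265 path matching plus a
// toy model of the session behaviour hypothesised in this thread.

// RFC 6265 section 5.1.4: does a cookie scoped to cookiePath apply to requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Constructed cookie jar: the REST session cookie is scoped to /api.
const jar = [{ name: 'JSESSIONID', value: 'rest-1', path: '/api' }];

// Cookies visible to a document at `path`, or attached to a request for `path`.
function cookiesFor(path) {
  return jar.filter(c => pathMatches(path, c.path)).map(c => `${c.name}=${c.value}`);
}

// Toy server (assumption): a request with Authorization is re-authenticated and
// moved to a fresh session ID; a request with only a live session cookie keeps it.
function makeServer() {
  let counter = 1;
  const live = new Set(['rest-1']);
  return {
    handle(req) {
      const m = /JSESSIONID=([^;]+)/.exec(req.cookie || '');
      const sid = m ? m[1] : null;
      if (req.authorization) {
        if (sid) live.delete(sid); // the ID handed out earlier stops working
        const fresh = `rest-${++counter}`;
        live.add(fresh);
        return { status: 200, sessionId: fresh };
      }
      return sid && live.has(sid) ? { status: 200, sessionId: sid } : { status: 401, sessionId: null };
    },
  };
}

// Browser heartbeat to /api; withBasicAuth is a hypothetical switch.
function heartbeat(server, withBasicAuth) {
  const cookie = cookiesFor('/api').join('; ');
  const res = server.handle({ cookie, authorization: withBasicAuth ? 'Basic <credentials>' : null });
  if (res.sessionId) jar[0].value = res.sessionId; // browser stores the new cookie
  return res;
}
```

In this model a third party that was handed `rest-1` (such as a plugin's own backend) keeps working after a cookie-only heartbeat and gets a 401 after a heartbeat that also carried credentials.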


----- Original Message -----
From: "Christopher Morrissey" <Christopher.Morrissey at netapp.com>
To: "Vojtech Szocs" <vszocs at redhat.com>, "engine-devel" <engine-devel at ovirt.org>
Cc: "Spenser Shumaker" <sshumake at redhat.com>, "René Koch" <r.koch at ovido.at>
Sent: Friday, April 5, 2013 4:11:56 PM
Subject: RE: [Engine-devel] UI Plugin API improvements

Just to reply to my own question, I've done some further investigation and it appears that the session wasn't timing out. It looks like the request from the heartbeat itself was causing the session to be invalidated and a new session to be created. When I modified the code to stop the heartbeat I was able to use the session without problem. 

Looking at the requests from the browser, it appears that JBoss is creating a new session with each request. I'm guessing this is a side effect of a combination of the basic authentication information in the header and the server essentially re-authenticating on each request and generating a new session ID to prevent session fixation security issues.

Has anyone else used the REST session ID that is provided through the plugin API? Have you run into this issue? I think the overall issue is exacerbated by the fact that we are making calls outside of the context of the client from our server and don't have the basic authentication header information. Because the client has this, all requests are re-authenticated whether the REST session ID is valid or not. My calls are getting blocked.

Any ideas on how to fix this? A change in the JBoss settings maybe?

-Chris


> -----Original Message-----
> From: Morrissey, Christopher
> Sent: Tuesday, April 02, 2013 7:18 PM
> To: 'Vojtech Szocs'; engine-devel
> Cc: Spenser Shumaker; René Koch
> Subject: RE: [Engine-devel] UI Plugin API improvements
> 
> Great job on the dialog support, Vojtech! It's working very well for me.
> 
> I am having an issue with the REST session ID that I haven't been able to nail
> down. It seems to be timing out rather quickly. Somewhere between 15 and
> 30 seconds if I don't use it explicitly. I've seen the code that is scheduled to
> run every minute to keep it alive, but it looks like the timeout is happening so
> quickly that the heartbeat can't keep it alive. Any idea on why this would be
> happening?
> 
> -Chris
> 
> 
> > -----Original Message-----
> > From: engine-devel-bounces at ovirt.org [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Vojtech Szocs
> > Sent: Thursday, March 28, 2013 11:25 AM
> > To: engine-devel
> > Cc: Spenser Shumaker; René Koch; Morrissey, Christopher
> > Subject: [Engine-devel] UI Plugin API improvements
> >
> > Hi guys,
> >
> > I've just merged some UI Plugin patches that improve existing API
> > functions, as well as add some new API functions. Please read on to learn
> > what's new.
> >
> >
> > Modal dialog API
> > ================
> >
> > Function improved: showDialog
> >
> > New signature:
> >     showDialog(title, dialogToken, contentUrl, width, height [, options])
> >
> > Example usage:
> >     showDialog('My Dialog', 'my-dialog', 'http://www.foobar.com/', '800px', '600px', {
> >             // Default value = empty array (no buttons)
> >             buttons: [
> >                 {
> >                     label: 'Do stuff',
> >                     onClick: function() {
> >                         alert('Bump!');
> >                     }
> >                 }
> >             ],
> >
> >             // Default value = false
> >             resizeEnabled: true,
> >
> >             // Default value = true
> >             closeIconVisible: true,
> >
> >             // Default value = true
> >             closeOnEscKey: true
> >     });
> >
> > Notable changes:
> > * modal dialogs now look & feel the same as standard WebAdmin dialogs
> > * width & height are strings containing CSS units
> > * the reason why buttons default to empty array is to give plugin
> > authors the choice to provide custom buttons (or similar input
> > elements) via dialog content (iframe), and use HTML5
> > window.postMessage to call the plugin (coming soon!)
> >
> > --
> >
> > New function: setDialogContentUrl
> >
> > New signature:
> >     setDialogContentUrl(dialogToken, contentUrl)
> >
> > Example usage:
> >     setDialogContentUrl('my-dialog', 'http://www.example.com/')
> >
> > --
> >
> > New function: closeDialog
> >
> > New signature:
> >     closeDialog(dialogToken)
> >
> > Example usage:
> >     closeDialog('my-dialog')
> >
> >
> > Tab API
> > =======
> >
> > Functions improved: addMainTab & addSubTab
> >
> > New signatures:
> >     addMainTab(label, historyToken, contentUrl [, options])
> >     addSubTab(entityTypeName, label, historyToken, contentUrl [, options])
> >
> > Example usage:
> >
> >     // Tab is left-aligned by default
> >     addMainTab('Foo Tab', 'foo-tab', 'http://www.foo.com/');
> >
> >     // Tab is right-aligned via options object
> >     addSubTab('VirtualMachine', 'Bar Tab', 'bar-tab', 'http://www.bar.com/', {
> >         alignRight: true
> >     });
> >
> > --
> >
> > Regards,
> > Vojtech